Upcoming Release 81 will introduce an option
for locking down UI access when the program is running in
service mode.

Details

In service mode, the program splits the backup engine and
its user interface into two separate processes.
The engine runs autonomously in the background as
a system service, under a service user account.
The user interface runs as a regular
desktop program, under a desktop user account.

This split allows the UI to be started and stopped
at will, with the engine running continuously even
when no user is logged in.

When the UI is started, it connects to the engine,
at which point the engine starts feeding the UI with
updates and the UI sends back control and configuration
commands as per user's input.

The change in R81 allows to set the engine to ask
for a password when the UI first connects to it.
Once enabled, it will cause the program to pop up a
password prompt when the UI is opened. No password = no UI.
This option is primarily meant for preventing non-admin
local users from opening the UI and messing with the setup.

Fine print

1. The password is verified by the engine, meaning that the
check is isolated from the desktop user context and can't
be worked around without having Admin rights.

2. Salted
hash of the password is stored in the engine's config file.
The password can be cleared by stopping the service,
wiping password hash from the config file and restarting
the service. This also requires Admin rights.

3. When the program is being updated, the UI knows how
to restart and reconnect back to the service
without requesting a password.

Due to how updates work,
this is one of more complicated (and interesting!) parts,
based on single-use authentication tokens that are issued
by the engine to the UI specifically for this case.
However it's completely invisible in use.

4. The UI does away with dual password entry fields
(enter once, enter again to confirm). Instead, just
as many modern UIs do, it allows revealing the
password if needed.
5. Don't forget your password.